Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-11-06 CVE-2024-20525 Cross-site Scripting vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input.
network
low complexity
cisco CWE-79
6.1
2024-11-06 CVE-2024-20530 Cross-site Scripting vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input.
network
low complexity
cisco CWE-79
6.1
2024-11-06 CVE-2024-20531 Server-Side Request Forgery (SSRF) vulnerability in Cisco Identity Services Engine
A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device and conduct a server-side request forgery (SSRF) attack through an affected device.
network
low complexity
cisco CWE-918
6.5
2024-11-06 CVE-2024-20537 Incorrect Authorization vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions. This vulnerability is due to a lack of server-side validation of Administrator permissions.
network
low complexity
cisco CWE-863
6.5
2024-11-06 CVE-2024-20538 Cross-site Scripting vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input.
network
low complexity
cisco CWE-79
6.1
2024-11-06 CVE-2024-20539 Cross-site Scripting vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input.
network
low complexity
cisco CWE-79
4.8
2024-10-23 CVE-2024-20364 Cross-site Scripting vulnerability in Cisco Secure Firewall Management Center
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device.
network
low complexity
cisco CWE-79
5.4
2024-10-23 CVE-2024-20372 Cross-site Scripting vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device.
network
low complexity
cisco CWE-79
6.1
2024-10-23 CVE-2024-20377 Cross-site Scripting vulnerability in Cisco Firepower Management Center
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to the web-based management interface not properly validating user-supplied input.
network
low complexity
cisco CWE-79
5.4
2024-10-23 CVE-2024-20379 Path Traversal vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input.
network
low complexity
cisco CWE-22
6.5